10/509876




CRYPTOGRAPHIC METHOD PROTECTED 
AGAINST ATTACKS OF THE COVERT CHANNEL TYPE 

The invention relates to a cryptographic method
protected against attacks of the covert channel type.
The invention is in particular advantageous for
protecting algorithms during which a block of
instructions from amongst several different blocks of
instructions is executed as a function of an input
variable. Such an algorithm is for example, but not
limitingly, a binary exponentiation algorithm performing
a calculation of the type B = A^D, with A, B and D being
integer numbers. Such an algorithm is for example
implemented in electronic devices such as chip cards.

The outline diagram of such an algorithm is
depicted in Figure 1. It comprises a first step of
testing the value of an input data item. According to
the result of the test, a block of instructions Π_0 or a
block of instructions Π_1 is carried out. The algorithm
can then terminate, or a new test step is performed on
another input variable. In the example of an operation
of the type B = A^D, the input variable is a bit D_i of D
and the diagram in Figure 1 is repeated successively
for each bit of D.

The blocks of instructions Π_0, Π_1 each comprise a
set of instructions to be executed, for example
operations of addition, multiplication, variable
updating, etc. The number and/or the type of
instruction may be different from one block of
instructions Π_0, Π_1 to the other.

Many cryptographic algorithms are based on the
outline diagram in Figure 1. This is in particular the
case with cryptographic algorithms based on
exponentiation calculations of the type B = A^D, where A,
B are integer numbers usually of large size, and D a
predetermined number of M bits.

The numbers A, B may correspond for example to a
text which is enciphered or to be enciphered, a data
item which is signed or to be signed, a data item which
is verified or to be verified, etc. The number D may
correspond to elements of keys, private or public, used
for enciphering or deciphering the numbers A, B.

By way of example, algorithms such as the
so-called "Square-And-Multiply" algorithm, the so-called
"Right-To-Left binary algorithm" and the so-called
"(M, M^3) algorithm" may be used for performing
exponentiation calculations.

A malevolent user may possibly undertake attacks
aimed at discovering in particular confidential
information (such as for example the key D or a data
item derived from this key) manipulated in processings
carried out by the calculation device executing an
exponentiation operation.

A simple attack, known as a "timing attack",
against the algorithm in Figure 1 consists in measuring
the time necessary for the device to execute a block of
instructions between two test steps. If the execution
times for the blocks of instructions Π_0, Π_1 are
different, then it is easy to identify a block of
instructions Π_0 or Π_1 and to deduce therefrom the value
of the associated input variable.

In order to protect against this attack, it is
possible to add fictional instructions in the shortest
block of instructions Π_0 or Π_1 (a block of instructions
is "the shortest" if the time taken to perform it is
the least) so that the two blocks of instructions Π_0, Π_1
are of the same duration.

... in question, according to the value of this bit
and/or according to the instruction.

Covert channel attacks may succeed with algorithms
such as the one in Figure 1 if the blocks of instructions
Π_0, Π_1 are not equivalent vis-a-vis these attacks.

The term "equivalent" must be understood here and
throughout the remainder of the text in the following
manner. Two instructions INST_1, INST_2 (or two blocks of
instructions Π_0, Π_1) are said to be equivalent (this is
denoted INST_1 ~ INST_2) if it is not possible to differentiate
them by means of a covert channel attack. This is the
case in particular if the physical quantity measured
during the attack follows the same development for the
two instructions. It should be noted however that two
instructions may be equivalent vis-a-vis one covert
channel attack and not be equivalent vis-a-vis another
covert channel attack.

In the same way, it will be said that two
instructions (or blocks of instructions) are equal if,
when they are used with the same input data, they
produce identical output data.

It is known how to protect against covert channel
attacks by adding fictional instructions to the
algorithm. It is assumed hereinafter that a fictional
instruction is equivalent to a similar real
instruction. For example, the instruction i <- i-0 is
assumed to be equivalent to the instruction i <- i-1.

In the case of the algorithm in Figure 1, it is
thus known how to effect a fictional block of
instructions Π_1 after each block of instructions Π_0, and
to effect in a symmetrical manner a fictional block of
instructions Π_0 before each block of instructions Π_1
(see the steps in dotted lines in Figure 1). Thus,
whatever the value of the input data item, a block of
instructions Π_0 and a block of instructions Π_1 will be
effected, in this order, one or other being fictional,
so that it is not possible to predict the value of the
input data item, the physical quantities relating to a
calculation being equivalent. Thus there is denoted:

    (Π_0 || Π_1 (fictional)) ~ (Π_0 (fictional) || Π_1)

The notation "||" signifies the successive
effecting of blocks of instructions Π_0, Π_1 (or more
generally the successive effecting of two
instructions).

Though this solution is effective against covert
channel attacks, it does however have the drawback of
multiplying on average by two the time needed for
executing the algorithm.

This is because, in the case of an unprotected
algorithm using M input data (for example the M bits of
a data item D), statistically on average M/2 blocks of
instructions Π_0 and M/2 blocks of instructions Π_1 are
effected. If T0 and respectively T1 are the average
times for executing a block of instructions Π_0 or
respectively Π_1, then the average time for executing
the unprotected algorithm is equal to M*(T0 + T1)/2.

On the other hand, in the case of the algorithm
protected by fictional blocks of instructions Π_0, Π_1, a
block of instructions Π_0 and a block of instructions Π_1
are systematically effected for each of the M input
data. Consequently the average time for executing the
algorithm protected by fictional blocks of instructions
is equal to M*(T0 + T1).

A first aim of the invention is to propose a
novel cryptographic algorithm protected against covert
channel attacks. A second aim of the invention is a
protected cryptographic method which is more rapid than
existing protected algorithms.

This aim is achieved by a cryptographic
calculation method according to the invention,
characterised in that, in order to execute a chosen
block of instructions (Π_j) as a function of an input
variable (D_i) from amongst N predefined blocks of
instructions (Π_1, ..., Π_N), a block (Γ(k,s)) common to the
N predefined blocks of instructions (Π_1, ..., Π_N) is
executed a predefined number of times (L_j), the
predefined number (L_j) being associated with the chosen
block of instructions (Π_j).

In other words, according to the invention, a
single elementary block, the common elementary block,
is effected whatever the input variable. The common
elementary block is executed a predefined number of
times, according to the input variable. Contrary to
the known methods, different blocks of instructions are
not executed as a function of the input variable.

Thus, with the invention, it is then not possible
to determine, by means of a covert channel attack,
which block of instructions is executed. A method
according to the invention is therefore well protected.

The predefined number (L_j) is variable from one
predefined block of instructions (Π_1, ..., Π_N) to another.

The common block (Γ(k,s)) preferably comprises at
least one calculation instruction (γ(k,s)) equivalent
vis-a-vis a covert channel attack to a calculation
instruction for each predefined block (Π_1, ..., Π_N).

The common block (Γ(k,s)) can also comprise an
instruction to update a loop pointer (k) indicating a
number of executions already executed of the common
block (Γ(k,s)).

If necessary, the common block (Γ(k,s)) can
additionally comprise an instruction to update a state
pointer (s) indicating whether the predefined number
(L_j) has been reached.

The value of the loop pointer (k) and/or the
value of the state pointer (s) are a function of the
value of the input variable (D_i) and/or of the number of
instructions of the instruction block (Π_j) associated
with the value of the input variable.

Preferably, if several common blocks are
possible, the common block is chosen so as to be
minimum, in the sense that it comprises a minimum
number of instructions and/or in that it is effected in
a minimum time.

Preferably again, in order to successively effect
several blocks of instructions chosen from amongst the
N predefined blocks of instructions (Π_1, ..., Π_N), each
chosen block of instructions being selected as a
function of an input variable (D_i) associated with an
input index (i),

the common block (Γ(k,s)) is executed a total
number (L_T) of times, the total number (L_T) being equal
to a sum of the predefined numbers (L_j) associated with
each chosen block of instructions (Π_j).

There too, in order to successively execute
several blocks of instructions, only the common block
is executed an appropriate number of times; this
whatever the blocks of instructions to be executed. It
is therefore not possible to predict with which block
of instructions the common block currently being
executed is associated. A covert channel attack can
therefore not succeed.

It should be noted that one and the same block of
instructions (Π_j) can be chosen several times according
to the input variable (D_i) associated with the input
index (i).

According to one embodiment of the invention, one
or more mathematical relationships are used in order to
update the loop pointer and/or the state pointer and/or
indices of registers used for implementing the
cryptographic method and/or the input variable or
variables. According to another embodiment of the
invention, the updating takes place using a table with
several inputs. These embodiments will be detailed at
greater length hereinafter by means of practical
examples.

The invention also relates to a method for
obtaining a block (Γ(k,s)) common to N predefined
blocks of instructions (Π_1, ..., Π_N). The said method is
able to be used for implementing a protected
cryptographic calculation method according to the
invention such as the one described above.

According to the invention, a common block
(Γ(k,s)) is obtained by performing the following steps:

E1: breaking down each predefined block of
instructions (Π_1, ..., Π_N) into a series of elementary
blocks (γ) equivalent vis-a-vis a covert channel attack,
and classifying all the elementary blocks (for example
by allocating a rank),

E2: seeking a common elementary block (γ(k,s))
equivalent to all the elementary blocks (γ) of all the
predefined blocks of instructions,

E3: seeking a common block (Γ(k,s)) comprising
at least the common elementary block (γ(k,s)) previously
obtained during step E2 and an instruction to update a
loop pointer (k) such that an execution of the common
elementary block associated with the value of the loop
pointer (k) and an execution of the elementary block
with a rank equal to the value of the loop pointer (k)
are identical.

If necessary, during step E1, one or more
fictional instructions can be added to the series of
instructions of one or more blocks of instructions.
This can facilitate the breaking down of each block of
instructions into elementary blocks all equivalent
vis-a-vis a covert channel attack.

During step E1, each predefined block of
instructions Π_1 to Π_N is divided into elementary blocks
which are equivalent vis-a-vis a given attack; the
elementary blocks are classified. For example:

    Π_1 = γ1 || γ2 || γ3 ; Π_2 = γ4 || γ5 ; ...

More generally, each block of instructions Π_1, ...,
Π_N is broken down thus:

    Π_1 = γ(c_1) || ... || γ(c_1+L_1-1),
    Π_2 = γ(c_2) || ... || γ(c_2+L_2-1),
    ...
    Π_j = γ(c_j) || ... || γ(c_j+L_j-1),
    ...
    Π_N = γ(c_N) || ... || γ(c_N+L_N-1)

    with c_1 = 0
         c_2 = L_1
         ...
         c_j = L_1 + L_2 + ... + L_{j-1}
         ...
         c_N = L_1 + ... + L_{N-1}

L_j is the number of elementary blocks necessary
for completely breaking down the predefined block of
instructions Π_j.

During step E2, a common elementary block γ is
sought such that each block of instructions Π_j (1 ≤ j ≤ N)
can be expressed in the form of a repetition L_j times of
the common elementary block γ.

The common block is preferably chosen so as to be
minimum. In other words, it comprises a minimum number
of instructions and/or is executed in a minimum time.

During step E3, a common block is sought
comprising:

- one or more common elementary blocks
obtained during step E2, and

- an instruction to update a loop pointer (k)
such that an execution of the common elementary block
associated with the value of the loop pointer (k) and
an execution of the elementary block with a rank equal
to the value of the loop pointer (k) are identical.

If necessary, a state pointer s can also be used
in addition to the loop pointer:

- the state pointer s indicates whether the
common elementary block has already been executed a
predefined number of times corresponding to the number
L_j of elementary blocks breaking down a given block of
instructions Π_j; in one example, the state pointer s is
equal to 1 when the predefined number L_j of elementary
blocks has been executed, and is equal to 0 otherwise;

- the loop pointer indicates the rank of the
elementary block to be executed amongst all the
elementary blocks. In very general terms, the loop
pointer can be defined in all cases according to the
following Equation 1:

    k <- (/s).(k+1) + s.f(D_i)

D_i is the input variable for selecting a block of
instructions to be executed, s is the state pointer,
and f is a logic function of the input variable D_i
associated with a predefined block of instructions Π_j
to be executed, and /s is the complement of the pointer
s (logic NOT function).

The above equation giving the value k is obtained
by means of the following reasoning.

When a block of instructions Π_j is effected, the
loop pointer k must be incremented by 1 at each
execution of the common elementary block (associated
with an equivalent elementary block of the breaking
down of the block Π_j) as long as s = 0, that is to say
as long as the number of elementary blocks associated
with the block Π_j has not been reached. This is
represented by the instruction:

    k <- (k+1) when s = 0

Conversely, when the common elementary block
associated with the last elementary block of the block
Π_j (that is to say when s = 1) is effected, it is
necessary to modify k so as to effect the common
elementary block associated with the first elementary
block of the following block of instructions Π_j'. This
results in the following instruction:

    k <- f(D_i) when s = 1

where D_i is the input variable which determines
the choice of the calculation Π_j' to be effected.

By combining the last two instructions, Equation
1 is finally obtained.

The above equation giving the value of k as a
function of s is valid in all cases. In certain
particular cases, this equation may be modified as will
be seen better below in practical examples.
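The rank bookkeeping of steps E1 to E3 and the pointer update of Equation 1 can be traced with the following added example, which is not part of the original text. It assumes that f(D_i) is the rank c_j of the first elementary block of the selected block, that s starts at 1, and it uses a constructed set of three blocks.

```python
# Added example, not from the original text.
# Assumption: f(D_i) = c_j, the rank of the first elementary block of the
# block selected by the input variable, and s = 1 before the first pass.
from itertools import accumulate


def first_ranks(lengths):
    """c_j for each block: c_1 = 0 and c_j = L_1 + ... + L_(j-1)."""
    return [0] + list(accumulate(lengths))[:-1]


def pointer_schedule(lengths, chosen):
    """Return the (k, s) pair used at each execution of the common block.

    lengths[j] is L_j, the number of elementary blocks of block j.
    chosen lists, in order, the 0-based indices of the blocks selected by
    the successive input variables.
    """
    c = first_ranks(lengths)
    # s is 1 exactly on the last elementary block of each predefined block.
    last_ranks = {c[j] + lengths[j] - 1 for j in range(len(lengths))}
    k, s, pos = 0, 1, 0
    schedule = []
    total = sum(lengths[j] for j in chosen)   # L_T: sum of the chosen L_j
    for _ in range(total):
        f = c[chosen[pos]]                    # f(D_i) for the current input
        k = (1 - s) * (k + 1) + s * f         # Equation 1
        s = 1 if k in last_ranks else 0
        schedule.append((k, s))
        pos += s          # move to the next input once the block is complete
    return schedule


# Constructed sample: three blocks broken down into 1, 2 and 3 elementary
# blocks, executed in the order block 2, block 1, block 3.
LENGTHS = [1, 2, 3]
CHOSEN = [1, 0, 2]

if __name__ == "__main__":
    print(first_ranks(LENGTHS))
    print(pointer_schedule(LENGTHS, CHOSEN))
```

The common block runs L_T = 2 + 1 + 3 = 6 times for this sample, and the schedule never depends on anything but the ranks.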
The invention and the advantages which stem from
it will appear more clearly from a reading of the
following description of examples of implementation of
a protected cryptographic method according to the
invention. The description is to be read with
reference to the accompanying drawings, in which:

- Figure 1 is a generic diagram of known
methods able to be protected according to the invention,

- Figure 2 is a diagram of the generic method
of Figure 1 protected according to the invention,

- Figures 3 and 4 detail the implementation of
certain steps of the method of Figure 2 in the case of
known exponentiation methods, protected according to
the invention.

In the examples which follow, the obtaining of a
common elementary block according to the invention and
the use of this elementary block will be described in
particular, in the practical cases of cryptographic
calculation methods.

Example 1 

In a first practical example, an exponentiation
algorithm of the "Square-and-Multiply" type is
considered, which makes it possible to perform an
exponentiation operation of the type B = A^D, where D =
(D_{M-1}, ..., D_0) is a number of M bits. The known form of
this algorithm can be represented as follows:

Initialisation:
    R_0 <- 1; R_1 <- A; i <- M-1
As long as i ≥ 0, repeat:
    If D_i = 1, then effect Π_0:
        R_0 <- R_0×R_0
        R_0 <- R_0×R_1
        i <- i-1
    If D_i = 0, then effect Π_1:
        R_0 <- R_0×R_0
        i <- i-1
Return R_0.

Algorithm 1 (non-protected "Square-and-Multiply")

R_0, R_1 are registers of a calculation device
adapted for implementing the algorithm, and i is a loop
index referencing the various bits of D. According to
the value of D_i, Π_j = Π_0 or Π_j = Π_1 is executed.

In Algorithm 1, the blocks of instructions Π_0, Π_1
are effected according to the value of a bit D_i of the
exponent D, and the loop index i is decremented at the
end of each block of instructions Π_0, Π_1 so as to
successively process all the bits D_i of D.

In Algorithm 1, the blocks of instructions Π_0, Π_1
are not equivalent vis-a-vis a covert channel attack,
in particular because the number of instructions of Π_0
is different from the number of instructions of Π_1.

In order to protect Algorithm 1 according to the
invention, a common elementary block Γ able to be used
for executing the blocks Π_0, Π_1 is sought.

For this purpose, each block of instructions Π_0,
Π_1 is first of all broken down into a series of
elementary blocks, all equivalent to each other
vis-a-vis a given attack.

The block of instructions Π_0 can be written:

    R_0 <- R_0×R_0
    i <- i-0
    R_0 <- R_0×R_1
    i <- i-1

The instruction i <- i-0 is fictional: it does
not modify any variable, any data item manipulated by
Algorithm 1.

Π_0 can then be broken down into two elementary
blocks:

    Π_0 = γ0 || γ1 with
    γ0: R_0 <- R_0×R_0
        i <- i-0
    γ1: R_0 <- R_0×R_1
        i <- i-1

Π_1 is broken down in the same way into an
elementary block:

    Π_1 = γ2 with
    γ2: R_0 <- R_0×R_0
        i <- i-1

It should be noted that the blocks γ0, γ1, γ2 are
all equivalent (γ0 ~ γ1 ~ γ2) vis-a-vis a covert channel
attack if it is assumed that the instructions R_0 <-
R_0×R_0 and R_0 <- R_0×R_1 are equivalent and that the
instructions i <- i-0 and i <- i-1 are equivalent.

Thus each block of instructions Π_0, Π_1 has been
broken down into a variable number of elementary blocks
(variable from one block of instructions to another),
all equivalent to each other.

Next a state pointer s and a rank pointer k are
defined. When a block of instructions Π_j is in the
course of execution:

- k is used to indicate which elementary block
γk is to be effected; the value of k depends in
particular on the block Π_j currently being executed
(and therefore on the input variable D_i tested) and the
state of advancement of the execution of the block Π_j

- s is used to indicate whether at least one
elementary block γk is yet to be effected or whether the
current block γk is the last of the block of
instructions Π_j.

In the case of the above example relating to
Algorithm 1, the development of the pointers k, s can
be summarised by the following table.

Table 1

                                                   k    s
(D_i = 1)    γ0: R_0 <- R_0×R_0 ; i <- i-0         0    0
             γ1: R_0 <- R_0×R_1 ; i <- i-1         1    1
(D_i = 0)    γ2: R_0 <- R_0×R_0 ; i <- i-1         2    1



s can be calculated from k: if the elementary
block γk which is to be effected is the last elementary
block of a block Π, then s = 1, otherwise s = 0.

In the case of Algorithm 1, it is possible for
example to calculate s by means of the following
equation:

    s = (k mod 2) + (k div 2)    (EQ a)

"div" designates an integer division and "mod" a
modular reduction. From Equation 1, the various values
of s as a function of k are found (cf Table 1).

The updating of k can be obtained from s and D_i,
D_i representing the current block Π_j:

- if s = 0 (block Π_j currently being
effected), k is incremented by 1 at each effecting of
an elementary block γ, in order then to effect the
following elementary block γ.

- if s = 1, the current block Π_j is terminated
and the following elementary block γ to be effected is
the first elementary block of the next block Π_j to be
executed; k therefore depends on D_i.

From the above, it is deduced that k
can be obtained by the following relationship:

    k <- (/s)×(k+1) + s×f(D_i)    (EQ b)

/s is the complementary value of s (logic NOT
function), and f is a logic function of D_i, which
depends on the algorithm to be protected (see also
Figure 3).

In the case of Algorithm 1, it is possible for
example to choose f(D_i) = 2×(/D_i).
Thus, with Equation 3:

    k <- (/s)×(k+1) + s×2×(/D_i)    (EQ c)

the various values of k are found as a function
of s and D_i (cf Table 1).

Finally, a common elementary block γ(k,s) is
defined, equivalent to the elementary blocks γ0, γ1, γ2
and such that γ(0,0) = γ0, γ(1,1) = γ1 and γ(2,1) = γ2.

For Algorithm 1, it is possible for example to
choose:

    γ(k,s): R_0 <- R_0×R_{k mod 2}
            i <- i - s

Using the common elementary block γ(k,s),
Algorithm 1 can finally be written (see also Figure 3):

Initialisation:
    R_0 <- 1; R_1 <- A; i <- M-1
As long as i ≥ 0, repeat the common block Γ(k,s):
    k <- (/s)×(k+1) + s×2×(/D_i)
    s <- (k mod 2) + (k div 2)
    γ(k,s): R_0 <- R_0×R_{k mod 2}
            i <- i - s
Return R_0.

Protected Algorithm 1
(protected "Square-and-Multiply" algorithm)

In this algorithm, a single common block Γ(k,s)
is used, whatever the values of D_i. In other words,
whatever the value of D_i, the same instruction or the
same block of instructions is executed. In the case
where D_i = 0, the block Γ(k,s) is executed only once.
In the case where D_i = 1, the common block Γ(k,s) is
executed successively twice.

Whatever the values of the pointers k, s and
whatever the value of D_i, the associated block Γ(k,s) is
equivalent, vis-a-vis a covert channel attack, to the
block Γ(k,s) previously executed and to the block
Γ(k,s) next executed. Consequently it is not possible
to distinguish them from each other and it is not
possible to know to which block of instructions Π_j the
common block Γ(k,s) currently being executed
corresponds.

It should be noted that, with respect to the
non-protected Algorithm 1, the protected Algorithm 1
according to the invention uses the same number of
calculation instructions (such as multiplication
instructions for example) in order to arrive at the
same final result. The protected Algorithm 1 according
to the invention simply comprises additional steps of
updating pointers: such steps are much more rapid and
consume much fewer resources than a calculation
instruction such as a multiplication. Consequently the
time for executing the protected algorithm is almost
the same as that of the non-protected Algorithm 1:
Tex = 1.5*M*T0, T0 being the time for executing a
multiplication.

It should also be noted that the common block
Γ(k,s) is not unique for one and the same algorithm, as
will be seen with Example 2.
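Algorithm 1 and Protected Algorithm 1 side by side, as an added example that is not part of the original text. It assumes the multiplications are done modulo n, that the pointers start at s = 1 and k = 0, and it uses constructed sample values; it shows control-flow shape only, since Python big-integer arithmetic is not constant time.

```python
# Added example, not from the original text.
# Assumptions: arithmetic modulo n; pointers initialised to s = 1, k = 0.


def unprotected(a, d, m, n):
    """Algorithm 1. Returns (result, trace), where trace[j] is the number of
    multiplications executed between two successive tests of D_i."""
    r = [1, a % n]
    trace = []
    i = m - 1
    while i >= 0:
        if (d >> i) & 1:                 # block Pi_0: square, then multiply
            r[0] = r[0] * r[0] % n
            r[0] = r[0] * r[1] % n
            trace.append(2)
        else:                            # block Pi_1: square only
            r[0] = r[0] * r[0] % n
            trace.append(1)
        i -= 1
    return r[0], trace


def protected(a, d, m, n):
    """Protected Algorithm 1: one common block Gamma(k, s) per loop pass.
    Returns (result, trace, pointers) with the same trace convention."""
    r = [1, a % n]
    i, k, s = m - 1, 0, 1
    trace, pointers = [], []
    while i >= 0:
        di = (d >> i) & 1
        k = (1 - s) * (k + 1) + s * 2 * (1 - di)   # EQ c
        s = (k % 2) + (k // 2)                      # EQ a
        # gamma(k, s): the text assumes R0*R0 and R0*R1 are equivalent
        r[0] = r[0] * r[k % 2] % n
        i -= s
        trace.append(1)
        pointers.append((k, s))
    return r[0], trace, pointers


# Constructed sample values.
A, D, M, N = 7, 0b101101, 6, 1009

if __name__ == "__main__":
    res_u, trace_u = unprotected(A, D, M, N)
    res_p, trace_p, ptrs = protected(A, D, M, N)
    print(res_u == res_p == pow(A, D, N))
    print("unprotected passes:", trace_u)   # 2 where D_i = 1, 1 where D_i = 0
    print("protected passes:  ", trace_p)   # always 1
    print("multiplications:", sum(trace_u), sum(trace_p))
```

The unprotected trace mirrors the bits of D, while every pass of the protected loop performs exactly one multiplication and the total number of multiplications is unchanged.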

Example 2 

In the case of the "Square and Multiply"
algorithm, other breakdowns of the block of
instructions Π_0 can be envisaged, for example:

    Π_0 = γ'0 || γ'1 with
    γ'0: R_0 <- R_0×R_0
         i <- i-1
    γ'1: R_0 <- R_0×R_1
         i <- i-0

This breakdown can be envisaged since the
fictional instruction i <- i-0 can be executed at any
time during the block Π_0. It is consequently found
that the elementary blocks γ'0 and γ2 are identical.
Table 1 is then modified in the following manner.

Table 2

                                                    k    s
(D_i = 1)    γ'0: R_0 <- R_0×R_0 ; i <- i-1         0    0
             γ'1: R_0 <- R_0×R_1 ; i <- i-0         1    1
(D_i = 0)    γ'0: R_0 <- R_0×R_0 ; i <- i-1         0    1


0 


1 




The pointer s here becomes superfluous since only
two elementary blocks are possible, γ'0 and γ'1. Finally,
the common elementary block γ'(k,s) and the following
protected algorithm are obtained (see also Figure 4):

Initialisation:
    R_0 <- 1; R_1 <- A; i <- M-1; k <- 1
As long as i ≥ 0, repeat the common block Γ'(k,s):
    k <- (D_i) AND (/k)
    γ'(s,k): R_0 <- R_0×R_k
             i <- i - (/k)
Return R_0.

Protected Algorithm 2
(protected "Square-And-Multiply" algorithm,
Version 2)

Example 3 

The exponentiation algorithm known as the
"Right-To-Left binary algorithm" is fairly similar to the
"Square-And-Multiply" algorithm. It makes it possible
to perform an operation of the type B = A^D, starting from
the least significant bit of D in the following manner:

Initialisation:
    R_0 <- 1; R_1 <- A; i <- 0
As long as i ≤ M-1, repeat:
    If D_i = 1, then effect the block Π_0:
        R_0 <- R_0×R_1
        R_1 <- R_1×R_1
        i <- i+1
    If D_i = 0, then effect the block Π_1:
        R_1 <- R_1×R_1
        i <- i+1
Return R_0.

So-called "Right-To-Left binary algorithm"

The blocks Π_0, Π_1 in this example can be broken
down in the following manner:

Table 3

                                                       k    s
Π_0 (D_i = 1)    γ0: R_0 <- R_0×R_1 ; i <- i+0         0    0
                 γ1: R_1 <- R_1×R_1 ; i <- i+1         1    1
    (D_i = 0)    γ0: R_1 <- R_1×R_1 ; i <- i+1         0    1



Here also, as only two elementary blocks γ0, γ1
are used to break down Π_0, Π_1, the pointer s is
unnecessary. It is possible for example to choose the
following common elementary block γ(k):

    γ(k): R_k <- R_k×R_1
          i <- i+k

and to update the pointer k before each effecting
of the block γ(k) using the instruction k <- k ⊕ D_i,
where ⊕ designates the exclusive-OR operator.
Finally the following protected Algorithm 3 is
obtained:

Initialisation:
    R_0 <- 1; R_1 <- A; i <- 0; k <- 1
As long as i ≤ M-1, repeat the block Γ(k,s):
    k <- k ⊕ D_i
    γ(k): R_k <- R_k×R_1
          i <- i+k
Return R_0.

Algorithm 3
(protected "Right-To-Left binary algorithm")

The above examples describe algorithms during
which only two blocks of instructions Π_0 or Π_1 are
executed as a function of the value of an input variable
D_i. The invention can however apply to algorithms using
more than two blocks of instructions Π.

Example 4

In this example the so-called "(M, M^3) algorithm"
is considered, known in the following form:

Initialisation:
    R_0 <- 1; R_1 <- A; R_2 <- A^3;
    D_{-1} <- 0; i <- M-1
As long as i ≥ 0, repeat:
    If D_i = 0, effect Π_0:
        R_0 <- (R_0)^2
        i <- i-1
    If D_i = 1 AND (D_{i-1} = 0), effect Π_1:
        R_0 <- (R_0)^2
        R_0 <- R_0×R_1
        i <- i-1
    If D_i = 1 AND (D_{i-1} = 1), effect Π_2:
        R_0 <- (R_0)^2
        R_0 <- (R_0)^2
        R_0 <- R_0×R_2
        i <- i-2
Return R_0.

So-called "(M, M^3) algorithm"

AND is the logic AND function. R_0, R_1, R_2 are
registers of the device used for implementing the
algorithm.

By replacing the (R_0)^2 type squares with R_0×R_0 type
multiplications, and introducing fictional instructions
of the type i <- i-0, it is possible to break down the
algorithm (M, M^3) according to the table:

Table 4

                                                                       k    s
Π_0 (D_i = 0)                      γ0: R_0 <- R_0×R_0 ; i <- i-1       0    1
Π_1 (D_i = 1) and (D_{i-1} = 0)    γ1: R_0 <- R_0×R_0 ; i <- i-0       1    0
                                   γ2: R_0 <- R_0×R_1 ; i <- i-1       2    1
Π_2 (D_i = 1) and (D_{i-1} = 1)    γ3: R_0 <- R_0×R_0 ; i <- i-0       3    0
                                   γ4: R_0 <- R_0×R_0 ; i <- i-0       4    0
                                   γ5: R_0 <- R_0×R_2 ; i <- i-2       5    1



Table 4 makes it possible to fairly easily
calculate the value of the pointer k as a function of s
and D_i, and the value of the pointer s as a function of
k, as before. Moreover, the blocks γ0 to γ5 are all
equivalent vis-a-vis a covert channel attack, and it is
possible for example to choose the following common
elementary block γ(k,s):

    γ(k,s): R_0 <- R_0×R_{s×(k div 2)}
            i <- i - s×(k mod 2 + 1)

Finally, a protected Algorithm 4 is derived from
this:

Initialisation:
    R_0 <- 1; R_1 <- A; R_2 <- A^3;
    D_{-1} <- 0; i <- M-1; s <- 1
As long as i ≥ 0, repeat the block Γ(k,s):
    k <- (/s)×(k+1) + s×(D_i + 2×(D_i AND D_{i-1}))
    s <- /((k mod 2) ⊕ (k div 4))
    γ(k,s): R_0 <- R_0×R_{s×(k div 2)}
            i <- i - s×(k mod 2 + 1)
Return R_0.

Algorithm 4
(protected algorithm (M, M^3), Version 1)
Example 5

As seen in the context of Examples 1 and 2, for
one and the same algorithm it is possible to choose
between several common elementary blocks γ(k) or γ(k,s).

In the case of the (M, M^3) algorithm for example,
it is also possible to break down the blocks Π_0, Π_1, Π_2
in the following manner:

Table 5

                                                                       k    s
Π_0 (D_i = 0)                      γ0: R_0 <- R_0×R_0 ; i <- i-1       0    1
Π_1 (D_i = 1) and (D_{i-1} = 0)    γ1: R_0 <- R_0×R_0 ; i <- i-0       0    0
                                   γ2: R_0 <- R_0×R_1 ; i <- i-1       1    1
Π_2 (D_i = 1) and (D_{i-1} = 1)    γ3: R_0 <- R_0×R_0 ; i <- i-0       0    0
                                   γ4: R_0 <- R_0×R_0 ; i <- i-0       1    0
                                   γ5: R_0 <- R_0×R_2 ; i <- i-2       2    1



Compared with Table 4, only the values of k have
been modified.

Table 5 makes it possible to calculate, as
before, the value of the pointer k as a function of s
and D_i, the value of the pointer s as a function of k,
and the value by which the index i must be decremented.
Moreover, it is possible for example to choose the
following common elementary block γ(k,s):

γ(k,s): R0 <- R0 × R_{k×s}
        i <- i - k×s - (/D_i)

Finally, a protected Algorithm 5 is derived
therefrom:

Initialisation:
    R0 <- 1; R1 <- A; R2 <- A^3;
    D_{-1} <- 0; i <- M-1; s <- 1
As long as i ≥ 0, repeat:
    k <- (/s)×(k+1)
    s <- s ⊕ D_i ⊕ (D_{i-1} AND (k mod 2))
    Γ(k,s): R0 <- R0 × R_{k×s}
            i <- i - k×s - (/D_i)
Return R0.

Algorithm 5
(protected algorithm (M, M^3), Version 2)
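
The pointer updates of Algorithms 4 and 5, run side by side as an added Python example (not part of the patent text). The modulus N, the function names and the (k, s) trace are assumptions made for the illustration, and "/x" is written as 1 - x; Python integers are not constant-time, so this shows the control flow only.

```python
def bit(D, i):
    """Bit D_i of the exponent; the shift by one makes D_{-1} = 0 without a branch."""
    return ((D << 1) >> (i + 1)) & 1

def alg4(A, D, M, N):
    """Algorithm 4: k from s, D_i, D_{i-1}; s from k (Table 4 numbering)."""
    R = [1, A % N, pow(A, 3, N)]           # R0, R1 = A, R2 = A^3 (mod N: assumption)
    i, s, k, trace = M - 1, 1, 0, []
    while i >= 0:                           # bit D_0 must still be processed
        Di, Dp = bit(D, i), bit(D, i - 1)
        k = (1 - s) * (k + 1) + s * (Di + 2 * (Di & Dp))
        s = 1 - ((k % 2) ^ (k // 4))
        R[0] = R[0] * R[s * (k // 2)] % N   # the one multiplication of the block
        i -= s * (k % 2 + 1)
        trace.append((k, s))
    return R[0], trace

def alg5(A, D, M, N):
    """Algorithm 5: same breakdown, k renumbered as in Table 5."""
    R = [1, A % N, pow(A, 3, N)]
    i, s, k, trace = M - 1, 1, 0, []
    while i >= 0:
        Di, Dp = bit(D, i), bit(D, i - 1)
        k = (1 - s) * (k + 1)
        s = s ^ Di ^ (Dp & (k % 2))
        R[0] = R[0] * R[k * s] % N
        i -= k * s + (1 - Di)
        trace.append((k, s))
    return R[0], trace

if __name__ == "__main__":
    # Constructed sample: D = 1011b, M = 4. Every loop turn is one multiplication
    # and one index update; only the (k, s) pair differs between turns.
    print(alg4(5, 0b1011, 4, 1009))
    print(alg5(5, 0b1011, 4, 1009))
```
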

As has been seen in the above examples, it is
fairly simple to obtain, in the context of the
invention, a breakdown of each block Πj of instructions
into elementary blocks γ0, γ1, ..., γLj.

However, the relationships linking the loop
pointer k and the state pointer s to the variable D_i
and/or to the variable j indexing the various blocks
Π0, ..., Πj, ..., ΠN become complex when the algorithm
which it is sought to protect is itself complex (that is
to say when it uses a large number of different blocks Πj,
when each block Πj is broken down into a large number
of elementary blocks γ, etc). For certain particularly
complex algorithms such as cryptographic algorithms on
elliptic curves, this difficulty can prove to be
great or even insurmountable.

In order to resolve or get around this
difficulty, according to another embodiment of the
invention, the links between the values of the loop
pointer k, the state pointer s, the index of the
registers used, the index i of the variable D and the
index j of the blocks Πj are expressed in the form of
a Table U with several inputs, as will be seen in the
examples below.

In the practical implementation of the invention,
the so-called Table U can for example be stored in a
memory, erasable or not, of the device used. The
updating of the pointers will then be effected by a
reading in the memory of one or more values in the
matrix U.

Example 6

The breakdown of the "Square and Multiply"
algorithm into elementary blocks is considered once
again:

Table 6 = Table 2

                                             k   s
(D_i = 1)   γ0: R0 <- R0 × R0; i <- i-0      0   0
            γ1: R0 <- R0 × R1; i <- i-1      1   1
(D_i = 0)   γ2: R0 <- R0 × R0; i <- i-1      2   1


A different value of k corresponds to each line
in Table 6. Each elementary block γk can be written in
the following form:

γk = [R_{U(k,0)} <- R_{U(k,1)} × R_{U(k,2)}; i <- i - U(k,3)]

where U(k,l) is the element of the line k and of
column l in the following matrix:

(U(k,l)), 0 ≤ k ≤ 2, 0 ≤ l ≤ 3 =
    ( 0 0 0 0 )
    ( 0 0 1 1 )
    ( 0 0 0 1 )

The matrix U is constructed in the following
manner. Each row of the matrix corresponds to an
elementary block γk of index k. With each column there
is associated an index liable to vary from one
elementary block γk to another. Here Column 0 is
associated with the index of the register in which the
result of the instruction Rα <- Rα × Rβ (α, β are equal
to 0 or 1 here) is stored. Column 1 and Column 2 are
associated with the indices of the registers whose
product is effected by the instruction Rα <- Rα × Rβ.
Finally, Column 3 is associated with the variations of
the index i. The matrix U is thus obtained very simply
from the table summarising the breakdown of the blocks
Πj into elementary blocks γk.

The constant columns of the matrix being of no
interest, they can be eliminated in order to give a
reduced matrix, easier to store and to use. In this
way the common elementary block γ(k) is obtained:

γ(k) = [R0 <- R0 × R_{U(k,0)}; i <- i - U(k,1)]

with, for 0 ≤ k ≤ 2 and 0 ≤ l ≤ 1:

(U(k,l)), 0 ≤ k ≤ 2, 0 ≤ l ≤ 1 =
    ( 0 0 )
    ( 1 1 )
    ( 0 1 )

Finally the complete protected algorithm
according to the invention is derived from this.

Initialisation:
    R0 <- 1; R1 <- A; i <- M-1; s <- 1
As long as i ≥ 0, repeat the block Γ(k,s):
    k <- (/s)×(k+1) + s×2×(/D_i)
    s <- U(k,1)
    γ(k,s): R0 <- R0 × R_{U(k,0)}
            i <- i - s
Return R0.

Algorithm 6
(protected "Square and Multiply", Version 3)

The use of a matrix is a very general method,
much more general than the empirical relationships used
in Examples 1 to 5 for explaining the links between the
various indices used.

The expression of the links between the indices
in the form of a matrix with several inputs has the
advantage of being much simpler to implement and in
particular being usable for all known cryptographic
algorithms, including the most complex, as will be seen
in a few examples of cryptographic calculation
algorithms on elliptic curves (Examples 8 and 9).

Example 7 

Here the algorithm (M, M^3) and its breakdown
table are considered once again:

Table 7 = Table 4

                                                                k   s
Π0  (D_i = 0)                    γ0: R0 <- R0 × R0; i <- i-1    0   1
Π1  (D_i = 1) and (D_{i-1} = 0)  γ1: R0 <- R0 × R0; i <- i-0    1   0
                                 γ2: R0 <- R0 × R1; i <- i-1    2   1
Π2  (D_i = 1) and (D_{i-1} = 1)  γ3: R0 <- R0 × R0; i <- i-0    3   0
                                 γ4: R0 <- R0 × R0; i <- i-0    4   0
                                 γ5: R0 <- R0 × R2; i <- i-2    5   1

From Table 7, the following matrix is easily
derived:

(U(k,l)), 0 ≤ k ≤ 5, 0 ≤ l ≤ 2 =
    ( 0 1 1 )
    ( 0 0 0 )
    ( 1 1 1 )
    ( 0 0 0 )
    ( 0 0 0 )
    ( 2 2 1 )

one possible expression of a common elementary
block γ(k):

γ(k) = [R0 <- R0 × R_{U(k,0)}; i <- i - U(k,1)]

and a protected algorithm using the common
elementary block γ(k):

Initialisation:
    R0 <- 1; R1 <- A; R2 <- A^3;
    i <- M-1; s <- 1
As long as i ≥ 0, repeat the common block Γ(k,s):
    k <- (/s)×(k+1) + s×(D_i + 2×(D_i AND D_{i-1}));
    s <- U(k,2)
    γ(k,s): R0 <- R0 × R_{U(k,0)};
            i <- i - U(k,1)
Return R0.

Algorithm 7
(protected algorithm (M, M^3), Version 3)
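
Algorithms 6 and 7 driven from their matrices by one shared loop, as an added Python example (not part of the patent text). The modulus N, the function names and the block counter are assumptions; Algorithm 7 takes the k update of Algorithm 4, whose breakdown table it shares, with D_{-1} = 0.

```python
# Reduced matrix of Example 6: (register index, decrement of i); s equals the decrement.
U6 = ((0, 0), (1, 1), (0, 1))
# Matrix of Example 7: (register index, decrement of i, s).
U7 = ((0, 1, 1), (0, 0, 0), (1, 1, 1), (0, 0, 0), (0, 0, 0), (2, 2, 1))

def bit(D, i):
    """Bit D_i of the exponent; the shift by one makes D_{-1} = 0 without a branch."""
    return ((D << 1) >> (i + 1)) & 1

def atomic_exp(A, D, M, N, U, s_col, first_k, powers):
    """Same loop body for every table: only U and the entry value of k differ.

    first_k(D_i, D_{i-1}) gives the row where a new block sequence starts
    (used when s = 1); otherwise k simply steps to the next row.
    """
    R = [1] + [pow(A, e, N) for e in powers]    # R0 = 1, then the precomputed powers
    i, s, k, blocks = M - 1, 1, 0, 0
    while i >= 0:                                # bit D_0 must still be processed
        k = (1 - s) * (k + 1) + s * first_k(bit(D, i), bit(D, i - 1))
        s = U[k][s_col]                          # pointer update is a table read
        R[0] = R[0] * R[U[k][0]] % N             # one multiplication per block
        i -= U[k][1]
        blocks += 1
    return R[0], blocks

def alg6(A, D, M, N):
    """Protected "Square and Multiply", Version 3."""
    return atomic_exp(A, D, M, N, U6, 1, lambda di, dp: 2 * (1 - di), (1,))

def alg7(A, D, M, N):
    """Protected (M, M^3), Version 3."""
    return atomic_exp(A, D, M, N, U7, 2, lambda di, dp: di + 2 * (di & dp), (1, 3))

if __name__ == "__main__":
    # Constructed sample: D = 1011b. Algorithm 6 needs 7 blocks, Algorithm 7 needs 6.
    print(alg6(5, 0b1011, 4, 1009), alg7(5, 0b1011, 4, 1009))
```
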

Example 8

A cryptographic calculation algorithm on a
non-supersingular elliptic curve E defined on a binary
field F_{2^q} by the following Weierstrass equation:

E/F_{2^q}: Y^2 + X×Y = X^3 + a×X^2 + b    (EQ d)

where X, Y are the affine coordinates of a point
P on the curve E.

The basic operations of a cryptographic algorithm on
elliptic curves are the operations of doubling of points
and the operations of addition of two distinct points.

The operation of doubling of a point is defined by:

P3(X3, Y3) = 2×P1(X1, Y1) with
X3 = a + λ^2 + λ
Y3 = (X1 + X3)×λ + X3 + Y1
and λ = X1 + (Y1/X1)

The operation of addition of two distinct points
is defined by:

P3(X3, Y3) = P1(X1, Y1) + P2(X2, Y2)
X3 = a + λ^2 + λ + X1 + X2
Y3 = (X1 + X3)×λ + X3 + Y1
and λ = (Y1 + Y2)/(X1 + X2)

In Table 8, the operation of doubling of points
and the operation of addition of two distinct points
have each been broken down in the form of an equivalent
elementary block γ0, γ1 (the same operations are used,
possibly on different registers):

Table 8

                                                          k   s
γ0: R1 <- R1 + R3; R2 <- R2 + R4; R5 <- R2/R1;
    R1 <- R1 + R5; R6 <- R5^2;
    R6 <- R6 + a; R1 <- R1 + R6; R2 <- R1 + R4;           0   1
    R6 <- R1 + R3; R5 <- R5 × R6; R2 <- R2 + R5
γ1: R6 <- R1 + R3; R6 <- R6 + R3; R5 <- R2/R1;
    R5 <- R1 + R5; R1 <- R5^2;
    R1 <- R1 + a; R1 <- R1 + R5; R2 <- R1 + R2;           1   1
    R6 <- R1 + R6; R5 <- R5 × R6; R2 <- R2 + R5


From Table 8, the following matrix is derived:

(U(k,l)), 0 ≤ k ≤ 1, 0 ≤ l ≤ 7 =
    ( 1 2 4 1 6 6 4 3 )
    ( 6 6 3 5 1 5 2 6 )

The matrix comprises only two rows since only two
different elementary blocks are used. The matrix
comprises 8 columns, each associated with a register
index varying from one row to another. Column 0 is
thus associated with the index of the register (R1 or
R6) in which the result of the first operation (R1 +
R3) is stored, Column 1 is associated with the index of
the register (R2 or R6) in which the result of the
second operation (R2 + R4 or R6 + R3) is stored, Columns
1 and 2 are associated with the registers whose
contents are added during the second operation (R2 + R4
or R6 + R3), etc.

The matrix is to be used with the following
common elementary block:

γ(k): R_{U(k,0)} <- R1 + R3; R_{U(k,1)} <- R_{U(k,1)} + R_{U(k,2)};
      R5 <- R2/R1; R_{U(k,3)} <- R1 + R5;
      R_{U(k,4)} <- R5^2;
      R_{U(k,4)} <- R_{U(k,4)} + a; R1 <- R1 + R_{U(k,5)};
      R2 <- R1 + R_{U(k,6)}; R6 <- R1 + R_{U(k,7)};
      R5 <- R5 × R6; R2 <- R2 + R5

in order to effect a protected algorithm using
the common block Γ(k) in a loop of the "repeat as long
as" type and performing a complex operation using basic
operations (doubling of points and/or addition of
points):

Initialisation:
    R1 <- X1; R2 <- Y1;
    R3 <- X1; R4 <- Y1;
    i <- m-2; s <- 1; k <- 0;
As long as i ≥ 0, repeat Γ(k,s):
    γ(k)
    s <- k - D_i + 1
    k <- (k+1)×(/s);
    i <- i - s;
Return (R1, R2).

Algorithm 8
(protected algorithm on elliptic curve)



